Debian Security Advisory

DSA-062-1 rxvt -- buffer overflow

Date Reported:

16 Jun 2001

Affected Packages:

rxvt

Vulnerable:

Yes

Security database references:

In the Bugtraq database (at SecurityFocus): BugTraq ID 2878.
In Mitre's CVE dictionary: CVE-2001-1077.

More information:

Samuel Dralet reported on bugtraq that version 2.6.2 of rxvt (a VT102 terminal emulator for X) have a buffer overflow in the tt_printf() function. A local user could abuse this making rxvt print a special string using that function, for example by using the -T or -name command-line options. That string would cause a stack overflow and contain code which rxvt will execute.

Since rxvt is installed sgid utmp an attacker could use this to gain utmp which would allow them to modify the utmp file.

This has been fixed in version 2.6.2-2.1, and we recommend that you upgrade your rxvt package.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:: http://security.debian.org/dists/stable/updates/main/source/rxvt_2.6.2-2.1.diff.gz; http://security.debian.org/dists/stable/updates/main/source/rxvt_2.6.2-2.1.dsc; http://security.debian.org/dists/stable/updates/main/source/rxvt_2.6.2.orig.tar.gz
Alpha:: http://security.debian.org/dists/stable/updates/main/binary-alpha/rxvt-ml_2.6.2-2.1_alpha.deb; http://security.debian.org/dists/stable/updates/main/binary-alpha/rxvt_2.6.2-2.1_alpha.deb
ARM:: http://security.debian.org/dists/stable/updates/main/binary-arm/rxvt-ml_2.6.2-2.1_arm.deb; http://security.debian.org/dists/stable/updates/main/binary-arm/rxvt_2.6.2-2.1_arm.deb
Intel IA-32:: http://security.debian.org/dists/stable/updates/main/binary-i386/rxvt-ml_2.6.2-2.1_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/rxvt_2.6.2-2.1_i386.deb
Motorola 680x0:: http://security.debian.org/dists/stable/updates/main/binary-m68k/rxvt-ml_2.6.2-2.1_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/rxvt_2.6.2-2.1_m68k.deb
PowerPC:: http://security.debian.org/dists/stable/updates/main/binary-powerpc/rxvt-ml_2.6.2-2.1_powerpc.deb; http://security.debian.org/dists/stable/updates/main/binary-powerpc/rxvt_2.6.2-2.1_powerpc.deb
Sun Sparc:: http://security.debian.org/dists/stable/updates/main/binary-sparc/rxvt-ml_2.6.2-2.1_sparc.deb; http://security.debian.org/dists/stable/updates/main/binary-sparc/rxvt_2.6.2-2.1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.